1303 matches found
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
WordPress < 4.2.4 Multiple Vulnerabilities
Binary data 9031.prm...
CVE-2015-7984
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd paramet...
DEBIAN-CVE-2015-7984
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd paramet...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd paramet...
CVE-2015-7984
CVE-2015-7984 cites CSRF vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 that allow remote attackers to hijack administrator authentication to perform requests executing arbitrary commands, SQL queries, or PHP code (via cmd, ...
Horde Groupware Cross-Site Request Forgery Vulnerability
Horde Groupware is a free, enterprise-grade, browser-based collaboration suite. A cross-site request forgery vulnerability exists in Horde Groupware. Because the "/admin/cmdshell.php", "/admin/sqlshell.php", "/admin/phpshell.php" scripts failed to properly validate the origin of HTTP requests,...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
Bad performance noticed on issues with long history
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/JRACLOUD-45903). Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
ManageEngine OpManager <= 11.6 Multiple Vulnerabilities - Active Check
ManageEngine OpManager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
ManageEngine OpManager 11.5 - Multiple Vulnerabilities Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded...
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded...
ManageEngine ServiceDesk Plus 9.1.0 < Build 9103 Multiple Vulnerabilities
The remote host is running ManageEngine ServiceDesk Plus version 9.1.0 prior to build 9103. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists due to improper validation of user-supplied input on the 'Login' page. A remote attacker can exploit...
Debian DSA-3258-1 : quassel - security update
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection (e.g. when the backend PostgreSQL server is restarted).
WebDepo CMS 'wood' Parameter SQL Injection Vulnerability
WebDepo CMS is prone to an SQL injection (SQLi) vulnerability.
Mandriva Linux Security Advisory : python-django (MDVSA-2015:109)
Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django...
WordPress Survey and Poll Blind SQL Injection Vulnerability
The WordPress plugin ... CPE = "cpe:/a:wordpress:wordpress"; ifdescription...